class UsersController < ApplicationController
  # Be sure to include AuthenticationSystem in Application Controller instead
  include AuthenticatedSystem

  # render new.rhtml
  def new
  end

  def create
    cookies.delete :auth_token
    # protects against session fixation attacks, wreaks havoc with 
    # request forgery protection.
    # uncomment at your own risk
    # reset_session
    @users = Users.new(params[:users])
    @users.save
    if @users.errors.empty?
      self.current_users = @users
      redirect_back_or_default('/signup')
      flash[:notice] = "Thanks for signing up!"
    else
      flash[:notice] =  @users.errors
      render :action => 'new'
    end
  end
  
  def change_password
  
  end
  
  #
  # Change user passowrd
  def change_password_update
    #logger.debug("----- goes here ------")
    if Users.authenticate(current_users.login, params[:old_password])
        if ((params[:password] == params[:password_confirmation]) && !params[:password_confirmation].blank?)
            current_users.password_confirmation = params[:password_confirmation]
            current_users.password = params[:password]
            
            if current_users.save!
                flash[:notice] = "Password successfully updated"
                redirect_back_or_default('/login')
            else
                flash[:alert] = "Password not changed"
                render :action => 'change_password'
            end
             
        else
            flash[:alert] = "New Password mismatch" 
            render :action => 'change_password'
        end
    else
        flash[:alert] = "Old password incorrect" 
        render :action => 'change_password'
    end
    
  end
  
  def test
    #flash[:notice] = "Thanks for signing up!"
    #redirect_to change_password_path
    render :text => current_users.login
  end  

end
